Inside the NIST team working to make cybersecurity more user-friendly
Cybersecurity is usually not a user’s primary duty, yet they suffer an increasing burden to respond to security warnings, maintain many complex passwords, and make security decisions for which they are not equipped. This is the main reason why security needs to be usable and why the National Institute of Standards and Technology (NIST) has a team of researchers working on projects aimed at understanding and improving the usability of cybersecurity software, hardware, systems, and processes.

Why identity is the foundation of security
Though some information may still be hosted on in-house servers, much of it has migrated to the cloud. According to a recent Flexera survey, 84% of enterprises have a multi-cloud strategy, with public cloud adoption surpassing private cloud adoption.

German banks to stop using SMS to deliver second authentication/verification factor
German banks are moving away from SMS-based customer authentication and transaction verification (called mTAN or SMS-TAN), as the method is deemed to be too insecure.

British Airways is facing £183 million fine for 2018 data breach
The UK Information Commissioner’s Office (ICO) wants British Airways to pay a £183.39 million (nearly $230 million) fine for failing to protect personal and financial information of approximately 500,000 of its customers. It also wants to fine Marriott International £99,200,396 (around $123 million) for infringements of the General Data Protection Regulation (GDPR).

The pervasive use of second screens endangers corporate IT networks
Despite techies having argued for years that having a second computer screen is a great way to improve productivity in the workplace, a new study from Gigamon has revealed that many people today use their additional monitor to stream music and watch sporting events and companies are struggling to cope with the extra internet bandwidth.

Insider attacks still far more difficult to detect and prevent than external cyber attacks
A recent survey conducted by Gurucul of more than 320 IT security experts, found that 15 percent of people said they would delete files or change passwords upon exiting a company.

Magecart compromised 17,000+ sites through unsecured Amazon S3 buckets
We often hear about misconfigured Amazon S3 buckets exposing sensitive business and customer data, but there’s another present danger: Magecart attackers have been exploiting them to inject payment card skimming scripts into websites.

Citrix plugs critical Citrix SD-WAN flaws, patch ASAP!
Researchers have found critical vulnerabilities in Citrix SD-WAN, one of the most widely used SD-WAN solutions out there, and are urging administrators to patch them as soon as possible.

Most SMB devices run Windows versions that are expired or will expire by January 2020
There is a steady increase in attacks and changes in attack methods that target weaknesses in encryption, workload configuration, limited visibility into vulnerabilities and outdated and unsupported operating systems, according to a research by Alert Logic.

July 2019 Patch Tuesday: Microsoft plugs two actively exploited zero-days
For July 2019 Patch Tuesday, Microsoft has pushed out patches for 78 CVE-numbered vulnerabilities (15 of them critical) and Adobe for three, but none of them in its most widely used software.

Are humans ready for AI to take control of digital security?
Just over a quarter (26%) of people in EMEA would prefer their cybersecurity to be managed by AI rather than a human, an online study conducted by Palo Alto Networks and YouGov alongside Dr Jessica Barker reveals.

What can financial institutions do to improve email security?
Financial institutions are in a fully-fledged war against data breaches. And rightly so – the finance sector is a frequent target of ransomware, phishing, and other malicious attacks. Sensitive communications are particularly vulnerable, with thousands getting leaked every year.

A fileless campaign is dropping the Astaroth info-stealer
Attackers are delivering the Astaroth info-stealing backdoor by leveraging a combination of fileless malware and “living off the land” techniques, Microsoft’s security team warns.

Discovering and fingerprinting BACnet devices
BACnet is a communication protocol deployed for building automation and control networks. The most widely accepted networks include Internet Protocol (BACnet/IP) and the Master-Slave Token-Passing network (BACnet MS/TP). Generally, routers are required to interconnect BACnet networks while gateways are preferred for connecting non-compliant devices to a primary BACnet network.

U.S. Coast Guard shares cybersecurity best practices for commercial vessels
Spurred by a recent cyber incident they were called in to help resolve, the U.S. Coast Guard has detailed basic measures to improve vessels ‘cybersecurity.

How mobile use cases in financial services are affecting security
Financial services organizations are increasingly exposed to cyber threats, according to Wandera. The report “​Mobile Security in the Financial Services​,” includes analysis of six months of security data from 225 financial services customers with 50,000 devices collectively under management.

How businesses can become more nimble and secure by moving to the cloud
Today’s business landscape is more dynamic than ever before. Organizations are being inundated with data, generated by an ever-increasing number of connected devices and systems. According to IDC, volume of data worldwide will grow ten-fold to 163ZB by 2025, and the majority of that will be created and managed by enterprises.

Do cloud apps make you a target for cyber attacks?
Almost half (49%) of businesses believe cloud apps make them a target for cyber attacks, a Thales research reveals.

How companies innovate as they face industry disruption
Nearly three-quarters (72%) of industry sectors experienced an increase in disruption over the past eight years, leaving $41 trillion in enterprise value (market capitalization + net debt) exposed to disruption today, according to a new report from Accenture.

Incident response at the speed of light: Cynet launches free offering for incident response service providers More and more, organizations take the route of outsourcing incident response to Managed Security Service Providers. This trend is distinct regardless of the organization’s cyber maturity level and can be found across a wide range of cyber maturity, from small companies with no dedicated security team, to enterprises with a fully equipped SOC. The hands of the incident response service providers are extremely busy and the need from their side to scale while maintaining top quality has never been greater.

Search

Loading, Please Wait!

GDPR Associates - Our cookie policy

This web site complies with the UK Privacy and Electronic Communications Regulations and the UK DPA 2018 in its understanding of consent as it applies to the regulations. We only deploy by default essential cookies, we list and give you the user the option to opt into cookie deployment for other categories of cookies if you expand the 'Cookie settings' link. By clicking the 'Accept cookie settings' button you agree to the default privacy settings of only essential cookies, if you select do not deploy any cookies then none will be deployed. Your settings and options can only be remembered with the minimum essential cookies deployed.

This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Analytics'.

cookielawinfo-checkbox-marketing

This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Marketing'.

cookielawinfo-checkbox-necessary

This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Necessary'.

cookielawinfo-checkbox-performance

This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Performance'.

cookielawinfo-checkbox-preferences

This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Preferences'.

JSESSIONID

Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.

PHPSESSID

This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.

viewed_cookie_policy

The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.

lidc

This cookie is set by LinkedIn and used for routing.

NID

This cookie is used to a profile based on user's interest and display personalized ads to the users.

VISITOR_INFO1_LIVE

This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location

pardot

The cookie is set when the visitor is logged in as a Pardot user.

_ga

This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors.

_gat

This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.

_gid

This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.

__cfduid

The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.

Windows Azure Web Sites, by default, use an ARRAffinity cookie to ensure subsequent requests from a user are routed back to the web site instance that the user initially connected to. In other words, Windows Azure Web Sites assumes that a web site is not stateless

OptanonConsent

This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor.

YSC

This cookies is set by Youtube and is used to track the views of embedded videos.